In Progress CPANEL-40585 - Force HTTPS on password-protected directory

Operating System & Version
11.102.0.14
cPanel & WHM Version
centOS v7.9.2009

msklut

Well-Known Member
May 24, 2020
62
5
8
NC
cPanel Access Level
Root Administrator
We have a password-protected directory /admin that is not automatically redirecting to a secure/HTTPS page. The .htaccess has a redirect rule for the entire website, but it is not working for this directory because of the password-protection. Does anyone have suggestions?

pre_virtual_host.conf (Apache Configuration » Include Editor)
Code:
<Directory "/home/myuser/public_html/admin">
AuthType Basic
AuthName "Authentication Required"
AuthUserFile /etc/apache2/htpasswd/.htpasswd
Require valid-user
ErrorDocument 401 "Authentication Required"

Options +Includes
</Directory>
public_html/.htaccess
Code:
#HTTPS Redirect
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
 
Last edited by a moderator:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
10,416
1,633
363
cPanel Access Level
Root Administrator
Hey there! I believe this is due to the order of your configuration. The Apache includes will get read before the local .htaccess with your example. However, if you use the cPanel >> Directory Privacy tool, that creates a local .htaccess inside the specific directory you're protecting with the following code:

Code:
#----------------------------------------------------------------cp:ppd
# Section managed by cPanel: Password Protected Directories     -cp:ppd
# - Do not edit this section of the htaccess file!              -cp:ppd
#----------------------------------------------------------------cp:ppd
AuthType Basic
AuthName "Protected 'public_html/privacytest'"
AuthUserFile "/home/username/.htpasswds/public_html/privacytest/passwd"
Require valid-user
#----------------------------------------------------------------cp:ppd
# End section managed by cPanel: Password Protected Directories -cp:ppd
#----------------------------------------------------------------cp:ppd
Doing that instead of using the Apache include system will likely get things working how you expect.
 

msklut

Well-Known Member
May 24, 2020
62
5
8
NC
cPanel Access Level
Root Administrator
Based on Apache 2.4, would this be the preferred 'HTTPS redirect' method?

Code:
NameVirtualHost *:80
<VirtualHost *:80>
   ServerName www.yourdomain.com
   Redirect / https://www.yourdomain.com
</VirtualHost>
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
10,416
1,633
363
cPanel Access Level
Root Administrator
I always perform the redirect inside the .htaccess file. For other pieces of software, such as WordPress, you may need a plugin like ReallySimpleSSL or similar to ensure the WordPress structure is redirected properly.

That is the correct format for an Apache redirect, although many people prefer to use " Redirect permanent / Example Domain" as the last line. With a cPanel-based machine though, remember you can't edit the Apache configuration directly.